04/29/2015

Twitter Breach Reveals the Ease of Scraping and Sniffing

by Neil Farquharson

Wow! Hardly a day goes by when we don’t hear about another major breach. Yesterday evening it was the turn of Twitter. A leak of its trading results caused an 18% drop in its share value before the New York Stock Exchange halted trades in its stock. The data was gleaned from the internet using a technique called data scraping. With data scraping automated programs scour through data streams ignoring regular parsing rules and restructuring raw data so that it can be searched for usable information – that is, intelligence gathering. Data scraping is similar in methodology to packet sniffing, in that again raw data is read, in real time, as it streams along data channels. Both of these activities require computing power, the computing power that is available in modern desktops and laptops. One of the common uses is to spy on network users in order to collect sensitive information such as login details, or user’s cookies. It also allows intruders to read unencrypted email traffic. I remember being at one training session where the presenter opened his sniffer program to listen in on the hotel WiFi network. Within just a few minutes, he had several POP3/SMTP authentication pairs and their retrieved and sent emails – including some emails from people sitting right in our room. None of the sniffed email accounts were encrypted. I understand that at a later session, some of the attendees downloaded the same tools and were reading other people’s emails too. Have no doubts: the sniffing of Wi-Fi networks is not the only method for gaining access to network traffic. Copper tapping and fiber tapping are both well-established methods for listening in on net traffic. In the 1970s, at the height of the Cold War, US spy agencies were tapping into Soviet communications under the waters of the Sea of Okhotsk. Indeed it is an open secret now in the present day that the USS Jimmy Carter is able to listen in on undersea fiber-optic cables garnering intelligence of all kinds: Internet traffic, banking transactions, telephone conversations and unencrypted emails. If the US government has for years been able to splice into fiber cables and copper cables at the bottom of the sea, I think it’s a safe bet that organized criminals can dress up as a telephone engineer and go down a street manhole or get into a local communications cupboard to gain access to internet traffic: your internet traffic. This allows them to read any emails that you send or receive in the clear – that is, unencrypted. There really is only one way to protect your emails from being spied on and that is to encrypt them. By far the most popular way to send and receive encrypted emails is transparently, within a community of trust. Protect your precious data: get the premier email encryption solution developed by Zix. Learn more here.